Integrating Information Flow Analysis in Unifying Theories of Programming

The virtual machine in the fine-grained information flow tracking is the basis for realization of transparent cloud platform program level control. The information flow control access to sensitive information in the process, because the authority transfer security level and cannot read or write the non sensitive data, the coarse granularity information flow control is difficult to meet the actual demand of diversification, this paper proposes extended DIFC (Distributed Information Flow Control) model, this model avoids component of cloud platform virtual machine because of the higher level of security sensitive data through reading, it sends or modifies the defects of non sensitive data by transfering the authority, and effectively overcomes the defect that the existing information flow control method for the coarse granularity, and the shortcomings which unable to meet the actual demand, this model guarantees the tracking and control of fine-grained information flow within the virtual machine application, and it does not affect the original cloud service operation.

The security of software-intensive systems is frequently attacked. High fines or loss in reputation are potential consequences of not maintaining confidentiality, which is an important security objective. Detecting confidentiality issues in early software designs enables cost-efficient fixes. A Data Flow Diagram (DFD) is a modeling notation, which focuses on essential, functional aspects of such early software designs. Existing confidentiality analyses on DFDs support either information flow control or access control, which are the most common confidentiality mechanisms. Combining both mechanisms can be beneficial but existing DFD analyses do not support this. This lack of expressiveness requires designers to switch modeling languages to consider both mechanisms, which can lead to inconsistencies. In this article, we present an extended DFD syntax that supports modeling both, information flow and access control, in the same language. This improves expressiveness compared to related work and avoids inconsistencies. We define the semantics of extended DFDs by clauses in first-order logic. A logic program made of these clauses enables the automated detection of confidentiality violations by querying it. We evaluate the expressiveness of the syntax in a case study. We attempt to model nine information flow cases and six access control cases. We successfully modeled fourteen out of these fifteen cases, which indicates good expressiveness. We evaluate the reusability of models when switching confidentiality mechanisms by comparing the cases that share the same system design, which are three pairs of cases. We successfully show improved reusability compared to the state of the art. We evaluated the accuracy of confidentiality analyses by executing them for the fourteen cases that we could model. We experienced good accuracy.

Making Data Flow

Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques is not flexible and cannot work with domain-specific information flow control policies. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that can allow each domain to define their own IFC policies while WS-AIFC is capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service based systems.

This paper investigates the problem of preserving information flow security in Event-B specification models and during the process of refining an abstract specification to be more concrete. A typed Event-B model is presented to enforce information flow security.We then present an approach to the problem of preserving information flow properties under abstraction refinement. The novelty of the approach is that we formalise refinement transformation in terms of the mathematical concept of Galois connection for the purpose of information-flow analysis and control. That is, the stateinvariant and state-transition predicates of the models are used to generate the Galois connection. We show how the refinement transformation ensures to preserve the security properties during the development steps from the beginning abstract-level specification to a concrete implementation.

Information flow control is a key issue in the large-scale systems, it needs to consider the collaboration between multi-components, execution efficiency, system security, and other aspects, the complexity of information flow control is particularly prominent in the virtualization system. The current information flow control in virtualization system mainly use direct communication and asynchronous communication mode, but they have disadvantage such as complexity of VMM designing, increasing the risk of system security, low efficiency of data transmission. In this paper, we establish a synchronous communication mechanism based on the Collaborative-VMM, three key information flow control were designed in this VMM including I/O processing, interrupt processing, and user interface, it can eliminate the issue of processing delay between VMM and the I/O processing component. The experimental results show that the synchronous communication mechanism can simplify the design of virtualization system and does not reduce the performance of the system at the same time, it is a viable information flow control scheme.

Information Flow Control (IFC) is important to ensure secure programs where secret data does not influence any public data. The pervasive standard that IFC aims to is non-interference. Current IFC systems are separated into dynamic IFC, static IFC, and hybrids between static and dynamic. With dynamic IFC suffering from high overhead and limited ability to prevent implicit flows due to the paths not taken, we propose a novel modular static IFC system. To the best of our knowledge, this is the first modular static IFC system. Unlike type-based static IFC systems, ours is logic-based. The limitation of type-based IFC systems is in the inviolability of static security label declarations for fields. As such, they suffer from transient leaks on fields. Our proposed system uses a Hoare-like logic. It verifies each function independently with the help of separation logic. Furthermore, we provide the proof of correctness for our novel IFC system with respect to termination- and timing-insensitive non-interference.

In mobile platforms and their app markets, controlling app permissions and preventing abuse of private information are crucial challenges. Information Flow Control (IFC) is a powerful approach for formalizing and answering user concerns such as: Does this app send my geolocation to the Internet? Yet despite intensive research efforts, IFC has not been widely adopted in mainstream programming practice. Abstract We observe that the typical structure of Android apps offers an opportunity for a novel and effective application of IFC. In Android, an app consists of a collection of a few dozen each in charge of some high-level functionality. Most components do not require access to most resources. These components are a natural and effective granularity at which to apply IFC (as opposed to the typical process-level or language-level granularity). By assigning different permission labels to each component, and limiting information flow between components, it is possible to express and enforce IFC constraints. Yet nuances of the Android platform, such as its multitude of discretionary (and somewhat arcane) communication channels, raise challenges in defining and enforcing component boundaries.Abstract We build a system, DroidDisintegrator, which demonstrates the viability of component-level IFC for expressing and controlling app behavior. DroidDisintegrator uses dynamic analysis to generate IFC policies for Android apps, repackages apps to embed these policies, and enforces the policies at runtime. We evaluate DroidDisintegrator on dozens of apps.

We investigate the integration of two approaches to information security: information flow analysis, in which the dependence between secret inputs and public outputs is tracked through a program, and differential privacy, in which a weak dependence between input and output is permitted but provided only through a relatively small set of known differentially private primitives.We find that information flow for differentially private observations is no harder than dependency tracking. Differential privacy's strong guarantees allow for efficient and accurate dynamic tracking of information flow, allowing the use of existing technology to extend and improve the state of the art for the analysis of differentially private computations.

This paper presents a framework for reasoning about the security of confidential data within software systems. A novelty is that we use Hoare and He's Unifying Theories of Programming (UTP) to do so and derive advantage from this choice. We identify how information flow between users can be modelled in the UTP and devise conditions for verifying that system designs may not leak secret information to untrusted users. We also investigate how these conditions can be combined with existing notions of refinement to produce refinement relations suitable for deriving secure implementations of systems.

A flexible manufacturing system (FMS) has a traditional structure of three-levels: the unit, the workstation, and the machine levels. The design quality of the workstation level plays an important role in the overall FMS performance. This paper focuses on the information flow analysis and control of the FMS workstation level. In order to design a unified workstation level system structure, front-end interfaces are introduced into the system which communicate with the workstation level through standard interface. After analyzing the information flow in the FMS workstation level, a modified Petri net is presented which associates data structures with places and programs/procedures with transitions. Using the modified Petri net, the model is set up for the information flow of the FMS workstation level. The designed system has been implemented in a real manufacturing factory with satisfactory and stable performance.

Mechanisms of neuroprogression and interventions to predict and arrest it

CDroid: practically implementation a formal-analyzed CIFC model on Android

A new generation of avionics system has three major technical characteristics of high resource sharing, data integration and software intensive. However, in the cooperative combat environment, which has the problem of potential sensitive information leakage and tamper when the combat aircraft communicate with each other. In this paper, we are based on the single node of information flow control model, combined with PCS, proposed a distributed information flow control model in MILS, constructed the PCS information flow control strategy, and together with other trusted component of information flow control strategy that form the multi-level information flow control policy framework, which design an information flow control mechanism of PCS and realized the distributed information flow control in MILS. After analysis and verification, the design of the distributed information flow security control method in MILS can effectively ensure the confidentiality and integrity of the information among the nodes.

Information flow control (IFC) has been extensively studied as an approach to mitigate information leaks in applications. A vast majority of existing work in this area is based on static analysis. However, some applications, especially on the Web, are developed using dynamic languages like JavaScript where static analyses for IFC do not scale well. As a result, there has been a growing interest in recent years to develop dynamic or runtime information flow analysis techniques. In spite of the advances in the field, runtime information flow analysis has not been at the helm of information flow security, one of the reasons being that the analysis techniques and the security property related to them (non-interference) over-approximate information flows (particularly implicit flows), generating many false positives. In this paper, we present a sound and precise approach for handling implicit leaks at runtime. In particular, we present an improvement and enhancement of the so-called permissive-upgrade strategy, which is widely used to tackle implicit leaks in dynamic information flow control. We improve the strategy’s permissiveness and generalize it. Building on top of it, we present an approach to handle implicit leaks when dealing with complex features like unstructured control flow and exceptions in higher-order languages. We explain how we address the challenge of handling unstructured control flow using immediate post-dominator analysis. We prove that our approach is sound and precise.